CVE-2024-23306

CWE-522 — Insufficiently Protected Credentials4 documents4 sources

Severity

7.1HIGH

EPSS

0.2%

top 63.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Next CNF F5 Big-ip Next SPK F5 Big-ip Next Cloud-native Network Functions

Timeline

PublishedFeb 14

Description

A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 1.8 | Impact: 5.2

Affected Packages3 packages

▶CVEListV5f5/big-ip_next_cnf1.0.0 — 1.2.0

▶CVEListV5f5/big-ip_next_spk1.3.0 — 1.5.0

▶NVDf5/big-ip_next_cloud-native_network_functions1.1.0 — 1.2.0

🔴Vulnerability Details

CVEList

BIG-IP Next CNF & SPK vulnerability↗2024-02-14

▶

GHSA

GHSA-5qf5-p4mh-hv7h: A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files↗2024-02-14

▶

📋Vendor Advisories

CVE-2024-23306: A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files↗2024-02-14

▶